Protect the Enterprise with Next Generation Machine Learning

CONTEXT

On May 12th, the WannaCryptor (WannaCry) ransomware family infected thousands of computers across the world. In just 24 hours, the number of infections has spiked to 185,000 machines in more than 100 countries.

Bitdefender Hypervisor Introspection was able to prevent the exploit of the vulnerability long before it was disclosed and patched by Microsoft.

The attack is particularly dangerous for businesses because a single infected employee is enough for the attack to spread across the entire network, and sometimes even across countries to other subsidiaries, without any user interaction. This happens because the ransomware has a worm component that leverages a recently discovered vulnerability affecting a wide range of Windows operating systems, including 2008, 2008 R2, 7 and 7 SP1.

The attacks have caused major disruption to hospitals, telecom companies, and gas and utilities plants. Among the organisations that took the worst hits is the National Health Service (NHS) in the UK, to name just one example.

HOW WANNACRY WORKS

Traditional ransomware is still one of the most common threats for small to large businesses across the world. While it usually spreads via malicious e-mail attachments, browser or third-party exploits, the WannaCry attack automated the exploitation of a vulnerability that is present in most versions of Windows.

Why does this make it so dangerous? Simply because it allows a remote attacker to run code on the vulnerable computer and use that code to plant ransomware without any human or local action. This never-before-seen behavior makes it the perfect tool to attack specific environments or infrastructures, such as servers running a vulnerable version of the Server Message Block (SMB) protocol.

Customers using Bitdefender GravityZone and Bitdefender Hypervisor Introspection are protected from hour zero from this attack wave. They are not affected by this new family of ransomware as our products detect and intercept both the delivery mechanism and all variations of the WannaCry ransomware known to date.

For this attack wave specifically, a machine learning model at the endpoint, developed by Bitdefender labs in 2013, is able to detect and block this ransomware variant.

Moreover, Bitdefender’s revolutionary Hypervisor Introspection technology, unique on the security market, is able to protect virtual servers from the entry mechanism of these attacks (the MS17-010 exploitation technique, otherwise known as EternalBlue).

Watch Hypervisor Introspection defeat EternalBlue

“For us and our customers this was just business as usual, our machine learning algorithms caught this immediately. And through the revolutionary memory introspection technology we detect any memory-based attacks like EternalBlue,” said Harish Agastya, VP of Enterprise Solutions at Bitdefender.

RECOMMENDATIONS

All of Bitdefender’s endpoint security solutions are able to protect your business against WannaCry and other similar ransomware waves, preventing the infection of our customers thanks to their effective machine-learning based detection.

To further enhance protection against similar attack waves, you can completely seal your infrastructure against zero-days or unpatched vulnerabilities by employing Hypervisor Introspection to protect your virtual workloads.